The Food and Drug Administration has released an action plan focused on improving the agency’s cyber defense capabilities using technological advances. Under the Cybersecurity Modernization Action Plan, the FDA aims to implement the zero trust cybersecurity approach to protect sensitive data and systems from cyberattacks. The Office of Information Security is in charge of coordinating […]
David Pekoske, the head of the Transportation Security Administration, said at a recent Aspen Institute event that efforts are underway to build a new set of cybersecurity requirements for the aviation industry following denial-of-service attacks by Russia-allied hackers on U.S. airport systems in October. He did not share details on the rules’ contents or a […]
A new joint cybersecurity advisory from the Cybersecurity and Infrastructure Security Agency and the FBI revealed that hackers sponsored by the Iranian government exploited a Log4Shell vulnerability in an unpatched VMware Horizon server of an undisclosed federal civilian executive branch organization. The Log4Shell vulnerability is a software flaw of open-source logging library Log4j. The infiltrators […]
The Government Accountability Office said a bureau within the Department of the Interior has done little to address cybersecurity risks across offshore oil and gas facilities. According to a GAO report concerning the DOI’s Bureau of Safety and Environmental Enforcement, which oversees over 1,600 offshore oil and gas facilities, a cyberattack on the offshore sites […]
Eun Young Choi, director of the Department of Justice’s National Cryptocurrency Enforcement Team, said at an Aspen Institute event Wednesday that her office is increasingly successful at helping victims of ransomware attacks. She explained that the team now has over 150 digital asset investigators and coordinators working to address illegal crypto-related activities and that work […]
Sentar will use the Consequence-driven Cyber-informed Engineering methodology patented by the Department of Energy’s Idaho National Laboratory to secure operational technology. CCE is meant to assist federal agencies with meeting cyber threat detection requirements established by the 2022 National Defense Authorization Act, the company said. To safeguard critical infrastructure, the proprietary risk management framework applies […]
The U.S.-China Economic and Security Review Commission’s 2022 report to Congress recommended conducting a review of the activities performed by Chinese companies in the U.S. critical sectors where the entities are found to have benefited from “cyber-enabled intelligence collection or theft of intellectual property” sponsored by China. The USCC also urged the Biden administration to […]
The Government Accountability Office said the Department of Defense needs to take additional steps to ensure that cyber incidents are properly reported and shared. According to a GAO report, the Pentagon has not yet fully implemented its processes for managing cyber incidents, does not have complete data on reports and does not document whether it […]
An official from the Defense Advanced Research Projects Agency said using emerging technologies and risk mitigation can create a better, more resilient digital infrastructure at the national level. Kathleen Fisher, the director of DARPA’s Information Innovation Office, said during a President’s Council of Advisors on Science and Technology meeting that one experiment involving its Rapid […]
The National Security Agency has published guidance that can help software developers and operators prevent and mitigate software memory safety issues. According to the Software Memory Safety Cybersecurity Information Sheet, hackers can exploit poor memory management issues to access sensitive information, execute unauthorized code, crash programs and compromise memory settings. The guidance also noted that […]
